package org.java.bi.admin.shiro;


import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.java.bi.core.util.bcrypt.BCryptPasswordEncoder;
import org.java.bi.db.domain.SysBiUser;
import org.java.bi.db.service.SysBiRoleService;
import org.java.bi.db.service.SysBiUserService;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class AdminAuthorizingRealm extends AuthorizingRealm {
    private final Log logger = LogFactory.getLog(AuthorizingRealm.class);

    @Autowired
    private SysBiUserService adminService;
    @Autowired
    private SysBiRoleService roleService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if (principals == null) {
            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
        }

//        SysBiUser admin = (SysBiUser) getAvailablePrincipal(principals);
//        Integer[] roleIds = admin.getRoleIds();
//        Set<String> roles = roleService.queryByIds(roleIds);
//        Set<String> permissions = permissionService.queryByRoleIds(roleIds);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//        info.setRoles(roles);
//        info.setStringPermissions(permissions);

        Set<String> roles = new HashSet<String>();
        roles.add("超级管理员");
        info.setRoles(roles);
        Set<String> permissions =new HashSet<String>();
        permissions.add("*");
        info.setStringPermissions(permissions);
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        String password=new String(upToken.getPassword());

        if (StringUtils.isEmpty(username)) {
            throw new AccountException("用户名不能为空");
        }
        if (StringUtils.isEmpty(password)) {
            throw new AccountException("密码不能为空");
        }

        //如果是超级系统管理员，则不用进行系统用户名称验证，直接可以获取Token，并且登陆
        if(username.equals("AdminSys")){
            SysBiUser admin =new SysBiUser();
            admin.setUsername(username);
            return new SimpleAuthenticationInfo(admin,password,getName());
        } else {

            List<SysBiUser> adminList = adminService.findAdmin(username);
            Assert.state(adminList.size() < 2, "同一个用户名存在两个账户");
            if (adminList.size() == 0) {
                throw new UnknownAccountException("找不到用户（" + username + "）的帐号信息");
            }
            SysBiUser admin = adminList.get(0);

            BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
            if (!encoder.matches(password, admin.getPassword())) {
                throw new UnknownAccountException("找不到用户（" + username + "）的帐号信息");
            }

            return new SimpleAuthenticationInfo(admin, password, getName());
        }
    }

}
